• t 

8 determining in said internet service nodek specific subscriber to whom said received data 

9 relates to; and I 

10 applying in said internet service node said plurality of processing rules related to said 

1 1 determined specific subscriber, wherein said applying is performed after said determining. 

1 2. The method of claim 1, wherein s£id internet service node is provided as an edge 

2 device of an access network such the service policies can be controlled from the edge of said 

3 access network. 

1 3. The method of claim 2, wherein said internet service node comprises an edge 

router. \ 

1 4. The method of claim 1, wherein saia intemet service node comprises a plurality of 

2 processors, said determining and applying together comprises: 

3 assigning each of said subscribers to a processor group, wherein each processor group is 

4 configured with the processing rules corresponding lo assigned subscribers; and 

5 forwarding data related to each subscriber tola corresponding processor group after said 

6 determining of specific subscriber. 1 

1 5. The method of claim 4, wherein each processor group comprises a plurality of 

2 processors. \ 

1 6. The method of claim 4, wherein data related to subscribers assigned to said 

2 processor group is assigned in a round-robin fashion among said plurality of processors. 

1 7. The method of claim 4, wherein end systdms of said plurality of subscribers 

2 generate data using intemet protocol (IP). \ 

1 8. The method of claim 7, wherein said data (Comprises ATM cells. 



1 

2 



9. The method of claim 8, wherein said detemi 
contained in said ATM cells, said determination of specific 
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ining comprises examining data 
\subscriber being based on the results 
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3 of said examination and a port on whicl 

4 comprised in said internet service node 



said ATM cells are received, wherein said port is 



1 10. The method of claim 9, AMherein said applying comprising: 

2 deciding in said port the specific processor group to which said data is to be forwarded, 

3 wherein said specific processor group is aecided based on said specific subscriber to whom said 

4 received data relates to; and \ 

5 modifying the header of said cells to indicate said determined processor group such that 

6 the cells can be forwarded to an appropriate processor group based on examination of cell 

7 header, wherein said appropriate processor group is configured with the processing rales relate to 

8 said specific subscriber. 



4 
5 
6 



1 1 . The method of claim 1 0, wheipin said deciding is performed using a content 
addressable memory (CAM), said CAM containing a plurality of locations, each of said plurality 
of locations having a mask, a search field andlan outfield field, said CAM being designed to 
receive an input value and compare said inputlvalue with data in said search field at bit positions 
specified by said mask for each of said plurality of locations, said CM being designed to generate 
as output the data stored in said output field if Ihere is a match with the corresponding location. 



1 12. The method of claim 1 1 , wherein the data stored in the output field of said CAM 

2 identifies an identifier of a processor group either directly or indirectly, and wherein each entry 

3 of said mask and search field are implemented th store data identifying a subscriber such that 

4 said identifier can be determined using said datalstored in said output field. 

1 13. The method of claim 1 2, wherein k portion of the header of said ATM cells is 

2 replaced with said identifier such that said ATM cells can be assigned to a processor group 

3 designed to process data related to said subscribenby examining said header. 



1 14. The method of claim 13, wherein said identifier is stored in a virtual path 

2 identifier (VPI) or virtual channel identifier (VCI) field of said header. 
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1 15. The method of claim 1 2 

2 provided as said input to said CAM. 



wherein bytes 1, 7, 8, 10, and 13-20 of an EP header are 



1 16. The method of claim 13,\wherein a switch fabric forwards said data to said 

2 processor group based on an examination of said header of said ATM cells. 



1 

2 
3 
4 
5 
6 
7 




1 7 . The method of claim 1 3 , fiirther comprising: 

storing a mapping of virtual path identifier/virtual channel identifier (VP WCI) and port 
number to a connection identifier in a virtual channel (VC) table, wherein each entry of said VC 
table further indicates whether the VP WCI of a received cell needs to be replaced, and 

accessing an entry in said VC table corresponding to a received cell comprised in said 
received data, 

wherein said header of said received bell is modified only if the data in said entry 
indicates that the VP WCI field is to be replaced. 

18. The method of claim 1 7, fiirtheV comprising: 

setting the VCI cells forming said received data to said connection identifier; 
generating a processor identifier or a prc^cessor group identifier using said output of said 
CAM; and 

setting the VPI of said sequence of cells t^ said processor identifier or said processor 
group identifier; 

wherein said switch fabric uses said VPI to\forward said sequence of cells to one of said 
processors. 



1 19. The method of claim 12, fiirther composing setting said mask of a location to 

2 examine at least some of the bit positions corresponding to an IP address, and said search field of 

3 said location to a plurality of IP addresses in combinatiop with said mask, wherein at least some 

4 of said IP addresses are associated with said subscriber. 
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1 20. The method of claim 19, yherein each of said IP addresses comprises an EP 

2 source address. 

1 21. The method of claim 1 9, ^herein each of said IP addresses comprises an IP 

2 destination address. 




22. The method of claim 19, fujrther comprises: 

maintaining an IP table mapping each of said plurality of IP addresses to a processor 
identifier or a processor group identifier; amd 

using bits in the masked positions olf the IP address of said IP packet and said output of 
said CAM to retrieve said processor identiner or said processor group identifier, 

wherein said sequence of cells are assigned to a processor identified by said processor 
identifier or said processor group identifier by said processor group identifier. 

23. The method of claim 12, wherfein said search field does not contain sufficient 
number of bits to store data identifying said subscriber, said method further comprising: 

storing in a plurality of entries of said CAM data identifying said subscriber, wherein the 
output of said plurality of entries is examined i^ determining said processor identifier or 
processor group identifier. 



1 24. The method of claim 23, wherein me output of one said plurality of entries is used 

2 as an input to another one of said pluraUty of entries of said CAM, wherein the output of said 

3 another of said plurality of entries identifies said processor identifier or processor group 

4 identifier. 

1 25. The method of claim 23, wherein received data related to said subscriber is 

2 received using an L2TP tunnel. 



1 



26. The method of claim 25, further comprises: 
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2 providing bytes 1, 7, 8, 10, 13-15, and 17-20 of the IP packet contained in a first cell of 

3 said received data as a first input; ana 

4 providing bytes 23, 24, and 27l37 of the IP packet contained in said first cell as a second 

5 input. \ 

1 27. A method of providing a\desired set of service policies to each of a plurality of 

2 subscribers, said method comprising: \ 

3 (a) providing an internet service node (ISN) as an edge router; 

4 (b) specifying a desired set of service policies for each of said plurality of 

5 subscribers; \ 

6 (c) translating each of said desirid service policies into processing rules, wherein 



7 each processing rule comprises a classifier and an associated action, wherein said classifier 

8 identifies data flows to which said associated action is to be applied; 

(d) configuring said ISN with said processing rules; 
i\ (e) receiving a plurality of bit groups fi'om a subscriber comprised in said plurality of 

1 1 subscribers; \ 



12 (f) generating a plurality of packets from data contained in said plurality of bit 

13 groups, wherein each of said plurality of packets lean be associated with a data flow generated by 

14 an application of said subscriber; \ 

1 5 (g) determining a data flow to which each of said plurality of packets relates to; and 

16 (h) applying said actions associated wim classifiers matching said data flow 

17 determined in (g), \ 

1 8 whereby each of said plurality of subscribers\are provided said corresponding desired set 

19 of service pohcies. \ 

1 28. The method of claim 27, wherein end sykems of said plurality of subscribers 

2 generate data using internet protocol (IP) and (f) comprigfes generating a plurality of IP packets. 

1 29. The method of claim 28, wherein said bit groups comprise ATM cells, and 

2 wherein said plurality of packets are generated fi-om said ATM cells. 
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1 30. The method of claim 28, further comprising maintain a state for one of said 

2 plurality of service policies, wherein said state enables multiple data flows to be processed to 

3 meet the service. \ 

1 31. The method of claim 28, farther comprising maintaining a state for each of said 

2 data flows, wherein the processing rules td be applied to packets of each flow is maintained in 

3 said state, \ 

1 32. The method of claim 28, further comprising: 

2 (i) monitoring control data flow ©f an application to determine the port number of a 

3 new data flow by an application; and \ 

4 (j) generating a new processing nile using the determined port number. 

3 3 . The method of claim 27, furthen comprising: 

2 (k) providing a plurality of processor groups, with each processor group containing a 

3 plurality of processors; and \ 

4 (1) assigning each of said packets to one of said plurality of processor groups, 

5 wherein one of said plurality of processors in said\ assigned groups processes the assigned 

6 packets. \ 

1 34. The method of claim 33, wherein alltoackets related to a subscriber are assigned 

2 to a single processor group. \ 

1 35. The method of claim 34, further composing assigning packets to individual 

2 processors in a round-robin fashion. \ 

1 36. A method of assigning an internet protocol (IP) packet related to a subscriber to a 

2 processor in an internet service node (ISN), said ISN containing a plurality of processors, 

3 wherein said processor is capable of processing said IP packet to provide service policies desired 

4 for said subscriber, said method comprising: \ 
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6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
8 

19 
0 
21 
22 
23 



(a) configuring a location of a content addressable memory (CAM), said CAM 
containing a plurality of locationsyincluding said location, each of said plurality of locations 
having a mask, a search field and an outfield field, said CAM being designed to receive an input 
value and compare said input value with data in said search field at bit positions specified by said 
mask for each of said plurality of locations, said CAM being designed to generate as output the 
data stored in said output field if there\is a match with the corresponding location, said search 
field and said mask of said location being set to data identifying one or more processors suitable 
for processing data related to said subscMber; 

(b) receiving said IP packet imthe form of a sequence of cells including a first cell 
containing the header data of said IP packet; 

(c) providing data in said first cm as said input value to said CAM; 

(d) receiving as an output of said fcAM the data stored in said output field of a 
location if the corresponding search field matcl^es said input value at the bit positions specified 
by the corresponding mask; and 

(e) assigning said sequence of cells to^aid one or more processors identified by said 
output received in (d), 

whereby said IP packet is assigned to said orie or more processors suitable for processing 
said IP packet if the data in said first cell matches datSj stored in said location at bit positions 
specified by said mask of said location. 



1 37. The method of claim 36, wherein said data^provided in (c) comprises bytes 1, 7, 8, 

2 1 0, and 1 3-20 of said IP header. 

1 38. The method of claim 36, wherein said output hf (d) identifies a processor group 

2 suitable for processing said IP packet and said processor group\includes said one or more 

3 processors assigned to in (e). 



1 39. The method of claim 36, wherein a switch fabric foWards each cell to one of said 

2 one or more processors according to the cell header, and (e) comprises modifying the cell header 

3 of said sequence cells. 
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1 40. The method of claim 4, further comprising: 

2 (f) storing a mam^ing of virtual path identifier/virtual channel identifier (VP WCI) 

3 and port number to a connection identifier in a virtual chaimel (VC) table, wherein each entry of 

4 said VC table further indicateSywhether the VPLVCI of a received cell needs to be replaced; 

5 (g) accessing an entW in said VC table corresponding to said first cell; and 

6 (h) performing (c) - (\) only if said retrieved entry indicates that the VP WCI of said 

7 first cell needs to be replaced. 

1 41 . The method of claim >5, wherein (e) comprises: 

2 (i) setting the VCI of said sequence of cells to said connection identifier; 

3 (j) generating a processor i(ientifier or a processor group identifier using said output 

4 of (d); and 

5 (k) setting the VPI of said se^jience of cells to said processor identifier or said 

6 processor group identifier, 

V7 wherein said switch fabric uses said\VPI to forward said sequence of cells to one of said 

8 processors. 

1 42. The method of claim 36, wherein (a) comprises a setting said mask of said 

2 location to examine at least some of the bit positions corresponding to an IP address, and said 

3 search field of said location to a plurality of IP adclresses in combination with said mask, wherein 

4 at least some of said IP addresses are associated with said subscriber. 

1 43. The method of claim 42, wherein each\jf said IP addresses comprises in IP 

2 destination address. 

1 44. The method of claim 43, wherein each of sa\d IP addresses comprises an IP 

2 destination address. 



45. The method of claim 42, said method further comprises: 
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2 (1) maintaining an IP table mapping each of said plurality of IP addresses to a 

3 processor identifier or a processor group identifier; and 

4 (m) using bits in the masked positions of the IP address of said IP packet and said 

5 output of (e) to retrieve said processor identifier or said processor group identifier, wherein said 

6 processor group comprises aplurality of processors, 

1 46. The method of claim 36, wherein said search field does not contain sufficient 

2 number of bits to store data identifying said subscriber, said method fiirther comprising: 

3 (n) storing said data anoycorresponding masks identifying said subscriber in more 

4 than one of said locations; \ 

5 (o) providing different porrions of said data as different inputs to said CAM, wherein 

6 said input of (c) is provided last; and \ 

7 (p) using said output of (d) tomentify said processor or processor group for 

8 processing only if matches exist for all of slaid different inputs. 

1 47. The method of claim 46, wherein subscriber data is received using an L2TP 

2 tunnel. \ 

1 48. The method of claim 46, wherein (n\ comprises: 

2 (q) providing bytes 1, 7, 8, 10, 13-15, and\l7-20 of the IP packet contained in said 

3 first cell as a first input; and \ 

4 (r) providing bytes 23, 24, and 27-37 of the IR packet contained in said first cell as a 

5 second input. \ 

1 49. A method of assigning a cell to one of a plurality of processors comprised in an 

2 internet service node (ISN), said method comprising: \ 

3 (a) configuring a content addressable memory (CAM) Comprising a plurality of 

4 locations, each of said plurality of locations having a mask, a searchVield and an outfield field, 

5 said CAM being designed to receive an input value and compare said mput value with data in 

6 said search field at bit positions specified by said mask for each of said plurality of locations, 
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7 said search field, sadd mask and said output field of a first location comprised in said 

8 plurality of locations being configured with first a first search value, a first mask value and a first 

9 output value respectively, said search field, said mask and said output field of a second location 

10 comprised in said plurality ofuocations being configured with a second search value, a second 

1 1 mask and a second output value respectively, 

12 wherein said first searchV/alue, said first mask value and said first output value are not 

13 equal to said second search value\ said second mask and said second output value respectively 

14 and wherein said first output value\and said second output value contain data identifying one or 

15 more processors comprised in said plurality of processors; 

16 (b) receiving said cell in skid ISN; 

17 (c) providing data in said fiVst cell as said input value to said CAM; 

1 8 (d) receiving as an output of Vaid CAM the data stored in said output field of a 

19 location if the corresponding search field \patches said input value at the bit positions specified 

20 by the corresponding mask; and 

2 1 (e) assigning said cell to a proce^or identified by said output received in (d). 

1 50. The method of claim 49, wherem said cells is a header cell of a sequence of cells 

2 forming a packet, said method fiirther comprising assigning all of said sequence of cells to said 

3 processor. 



1 5 1 . An internet service node (ISN) for providing a desired set of service policies 

2 desired by each of a plurality of subscribers, said ISM comprising: 

3 a plurality of processors, wherein each of said\plurality of subscribers is assigned to a 

4 subset of said pluraUty of processors, wherein said subget of said processor is configured with 

5 processing rules which provide a set of service policies aesired by said corresponding subscriber; 

6 a port coupled to receive data related to one of saia\plurality of subscribers, said port 

7 determining a subset of processors which are designed to process data related to said one of said 

8 pluraUty of subscribers; and 

9 a switch fabric coupled to said plurality of processors arid said port, wherein said switch 

10 fabric receives said data fi-om said port and forwards said data to\aid subset of processors 

1 1 according to the determination of said port. 
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1 52. The ISN of \;laim 5 1 , wherein each of said set of said plurality of processors is 

2 provided as a processor groub in a packet service card, wherein said packet service card contains 

3 a pluraUty of processor groups^ and wherein said ISN contains a plurality of packet service cards. 



1 

2 



5 3 . The ISN of claim^ 1 , wherein said port receives said data as a sequence of ATM 



cells. 



1 54. The ISN of claim 53, wherein said port determines an identifier of said subset of 

2 processors and sends said identifier to^aid switch fabric, wherein said switch fabric assigns said 

3 ATM cells to said subset of processors based on said identifier. 

1 55. The ISN of claim 54, wherem said port modifies a header of each of said ATM 

2 cells to include said identifier in said header Wch that said switch fabric can forward said ATM 
3/ cells to said subset of processors by examining said header. 



56. The ISN of claim 55, wherein said port comprises:. 

2 a framer to receive said data related to saia one of said plurality of subscribers; 

3 a content addressable memory (CAM) containing a plurality of locations, each of said 

4 plurality of locations having a mask, a search field and an outfield field, said CAM being 

5 designed to receive an input value and compare said input value with data in said search field at 

6 bit positions specified by said mask for each of said plurality of locations, said CAM being 

7 designed to generate as output the data stored in said output field if there is a match with the 

8 corresponding locations, wherein the data stored in the output field of said CAM identifies an 

9 identifier of a processor group either directly or indirectly, arid wherein each entry of said mask 

10 and search field are implemented to store data identifying a suB^criber such that said identifier 

1 1 can be determined using said data stored in said output field; anc 

12 an assignment logic coupled to said CAM and said fi:amer,\said assignment logic 

13 determining said identifier by providing the received data as an inpus^ to said CAM, said 

14 assignment logic including said identifier in said header. 
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1 57. The ISNNof claim 56, wherein said identifier is stored in a virtual path identifier 

2 (VPI) or virtual channel iiientifier (VCI) field of said header. 

1 58. The ISN of claim 57, wherein said sequence of cells contain an hatemet Protocol 

2 (ff) packet, and said assignment logic provides bytes 1, 7, 8, 10, and 13-20 of an IP header as 

3 said input to said CAM. \ 

1 59. The ISN of claim 57, mrther comprising: 

2 a virtual channel table storing asmapping of virtual path identifier/virtual channel 

3 identifier (VP WCI) and port number toV connection identifier, wherein each entry of said VC 

4 table further indicates whether the VP WOI of a received cell needs to be replaced, wherein said 

5 assignment logic accesses an entry in said VC table corresponding to a received cell comprised 

6 in said received data, and modifies said heade\ only if data in said entry indicates that the 

7 VP WCI field is to be replaced. \ 



60. The ISN of claim 59, wherein said ^signment logic sets the VCI of cells forming 
said received data to said connection identifier and said VPI of said cells to said identifier. 



1 61 . The ISN of claim 56, wherein said search field does not contain sufficient number 

2 of bits to store data identifying said subscriber, and wherW said CAM is designed to store in a 

3 plurality of entries data identifying said subscriber, wherein said assignment logic examines the 

4 output of said pluraUty of entries in determining said identifier. 

1 62. The ISN of claim 61, wherein said assignment lo^eic uses the output of one of said 

2 plurality of entries as an input to another one of said plurality of entries, wherein the output of 

3 said another of said plurality of entries identifies said processor identifier or processor group 

4 identifier. \ 

1 63 . The ISN of claim 6 1 , wherein data related to said subscriber is received using an 

2 L2TP tunnel. \ 



003239.P098 



-13- 



WWS/cn- 



1 64. The ISN of claim 62, wherein said assignment logic is designed to provide bytes 

2 1, 7, 8, 10, 13-15, and \7-20 of the IP packet contained in a first cell of said received data as a 

3 first input, and bytes 23,^4, and 27-37 of the IP packet contained in said first cell as a second 

4 input. 

1 65. An internet s^ice node (ISN) for providing a desired set of service poUcies 

2 desired by each of a plurality of subscribers, said ISN comprising: 

3 an access port to receiv)^ a plxirality of bit groups related to a subscriber comprised in said 

4 plurahty of subscribers; 

5 a switch fabric coupled toWid access port, said switch fabric to receive said plurality of 

6 bit groups and generating a plurality of packets, wherein said plurality of packets contain the data 

7 generated fi-om applications related ro said subscriber, wherein each of said plurality of packets 

8 contains sufficient data to be identified^ with a data flow generated by said applications related to 

9 said subscriber; 

10 a packet service card to receive saM plurality of packets, said packet service card 

1 1 processing each of said packets according to^ a plurality of processing rules related to said 

12 subscriber, 

13 wherein each of said plurahty of processing rules contain a classifier and an associated 

14 action, said classifier identifying at least one dat\ flow to which said associated action is to be 

15 applied, 

16 a trunk port coupled to said switch fabric, sa\d trunk port for transmitting any of said 

1 7 plurality of packets desired to be transmitted, 

1 8 wherein providing a corresponding plurality of fvrocessing rules to each of said plurality 

19 of subscribers enables said ISN to provide said desired set^of service for each of said plurality of 

20 subscribers. 



1 66. The ISN of claim 65, wherein said plurality of packets comprise Internet Protocol 

2 (IP) packets. 
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1 67. The ISNyof claim 66, wherein each of said data flows is identified by source IP 

2 address, destination IP address, protocol type, source port number and destination port number. 

1 68. The ISN of ckim 67, further comprising an interface for enabling a manager to 

2 provide said desired set of service policies, and wherein said ISN is designed to generate at least 

3 some of the said processing rule!^ based on said desired set of service poUcies provided by said 

4 manager. 

1 69. The ISN of claim 68, wherein said packet service card is designed to monitor 

2 control data flows of an application to netermine the parameters values identifying said data 

3 flows of said application if said paramerer values are not available beforehand. 




1 

2 
3 



70. The ISN of claim 65, wherein said packet service card comprises a plurality of 
processors, wherein said plurality of processors enable said ISN to process said plurality of 
packets quickly. 

71. The ISN of claim 70, wherein sa\d plurality of processors are provided in a 
separate physical unit from said access port to sard trunk port, wherein the separation enables the 
number of processors to be changed independent of the number of access ports and trunk ports. 



1 72. The ISN of claim 70, wherein a state rs maintained for each of said processing 

2 flows, wherein said state indicates the processing mle^ to be appUed to each of said plurality of 

3 packets related to the corresponding flow. 




73. (Amended) The ISN of claim 65, wherein\said bit groups comprise ATM cells 
such that said switch fabric is designed to convert to generate each of said packets from the 
payload in a plurality of ATM cells. 



1 74. The ISN of claim 65, wherein said bit groups comprise contain sufficient data to 

2 be identified with a data flow generated by said applications relate^ to said subscriber such that 

3 each of said packets is generated from one of said bit groups. 
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1 75. The ISN ofclaim 65, further comprising a random access memory (RAM), 

2 wherein said processor internee stores said plurahty of bit groups in said RAM. 



A: 



1 76. An internet seWice node (ISN) for processing a packet comprising a sequence of 

2 cells including a header cell, skid ISN comprising: 

3 a plurality of processors'^ 

4 a content addressable meJnory (CAM) containing a plurality of locations, each of said 

5 plurality of locations having a mask, a search field and an outfield field, said CAM being 

6 designed to receive an input value md compare said input value with data in said search field at 

7 bit positions specified by said mask for each of said plurality of locations, said CAM being 

8 designed to generate as output the data, stored in said output field if there is a match with the 

9 corresponding location, said search field and said mask of said location being configured with 
10 data identifying packets suitable for processing by one or more of said plurality of processors, 
[ 1 said output field being configured with dar^ identifying one or more processors suitable for 

12 processing a corresponding packet; and 

13 an assignment logic to receive said heVder cell and providing data fi"om said header cell 

14 as said input value of said CAM, whereby the output of said CAM identifies one or more 

15 processors suitable for processing said packet, said assignment logic assigning all of said 

16 sequence of cells to said one or more processors aVcording to said output of said CAM, 

1 7 wherein said packet is processed by a suitable processor. 



1 77. The ISN ofclaim 76, wherein said assignment logic is designed to assign said 

2 sequence of cells by setting at least a portion of the cell header of each cell to said identifier, said 

3 ISN further comprising a switch fabric which forwards sai^ sequence of cells to processors 

4 according to cell headers. 



1 78. The ISN of claim 77, wherein said ISN receives\packets related to a pluraUty of 

2 subscribers, and wherein the mask and search fields of each location are configured to identify a 

3 subscriber, and wherein the corresponding output field is designeoyto identify one or more of said 
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4 processors suitable for processing packets related to the subscriber identified by the 

5 corresponding mask field and search field. 



1 



79. The ISN of claim 78, wherein said packet comprises an IP packet. 



1 80. The ISN of claiVn 79, wherein said mask of a location is configured for 

2 examination of at least some onthe bit positions corresponding to an IP address, and said search 

3 field of said location to a pluraliw of IP addresses in combination with said mask, wherein at 

4 least some of said IP addresses arV associated with said subscriber. 



1 81. 

2 address. 



The ISN of claim sd wherein each of said IP addresses comprises an IP source 




82. The ISN of claim 80, 
destination address. 



lerein each of said IP addresses comprises an DP 



83, The ISN of claim 80, fiirther comprising a memory for storing an IP table 
mapping each of said plurahty of IP addresses to a processor identifier or a processor identifier 
or a processor group identifier, wherein saiM assignment logic is designed to use bits in the 
masked positions of the IP address and the output of said CAM to retrieve said identifier, 
wherein said sequence of cells are assigned toyone or more processors according to said 
identifier. 



1 84. The ISN of claim 79, wherein saioysearch field does not contain sufficient number 

2 of bits to store data identifying each subscriber, ana wherein said CAM is configured to store 

3 said data and corresponding masks identifying said subscriber in more than one of said locations, 

4 and wherein said assignment logic is designed to sena different portions of said data as different 

5 inputs to said CAM, wherein said assignment logic determines that said packet relates to a 

6 subscriber only upon a match for all of said inputs. 
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1 85. The ISN df claim 84, wherein said assignment logic is designed to provide bytes 

2 1, 7, 8, 10, 13-15, and 17^0 of the IP packet contained in said header cell as a first input, and 

3 bytes 23, 24, 27-37 of the BP packet contained in said header cell as a second input. 

1 86. The ISN of claim 78, further comprising a service manager v^hich configures said 

2 CAM to cause packets related to said subscriber to said one or more of said processors, wherein 

3 said service manager further conVigures said one or more processors with processing rules 

4 suitable for processing said packets related to said subscriber. 

1 87. The ISN of claim 86,Wther comprising an access port, wherein said access port 

2 contains said CAM and said assignment logic. 

1 88. The ISN of claim 86, further comprising a trunk port, wherein said trunk port 

contains said CAM and said assignment iWic. 

1 89. An internet service node (ISN^ providing a desired set of service policies to each 

2 of a plurality of subscribers, said ISN comprising: 

3 identifying means for identifying a plurklity of processing rules which provide a set of 

4 service poUcies desired by each subscriber; \ 

5 configuration means for configuring an internet service node with said processing rules 

6 corresponding to each of said subscribers; \ 

7 receiving means for receiving data in said internet service node; 

8 determination means for determining in said intemet service node a specific subscriber to 

9 whom said received data relates to; and \ 

10 applying means for applying in said intemet serviW node said plurality of processing 

1 1 rules related to said determine specific subscriber, whereiiAsaid applying is performed after said 

12 determining. \ 
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1 90. The ISN ofWaim 89, wherein said internet service node is provided as an edge 

2 device of an access netv^orkysuch the service pohcies can be controlled from the edge of said 

3 access network. 

1 91 . The ISN of clairk 89, wherein said ISN comprises a plurality of processors, said 

2 determination means and applying means together comprise: 

3 assignment means for assiming each of said subscribers to a processor group, wherein 

4 each processor group is configured with the processing rules corresponding to the assigned 

5 subscribers; and 

6 forwarding means for forwarding data related to each subscriber to a corresponding 

7 processor group after said determining of specific subscriber. 




1 
2 
3 
4 



92. The ISN of claim 91, wherein end systems of said plurality of subscribers 
generate data using internet protocol (IP). 

93. The ISN of claim 92, wherein Wd data comprises ATM cells. 

94. The ISN of claim 93, wherein sard assignment means comprises examination 
means for examining data contained in said ATMcells, said determination of specific subscriber 
being based on the results of said examination and^ port on which said ATM cells are received, 
wherein said port is contained in said internet service node. 



1 95. The ISN of claim 94, wherein said assiWnent means fiirther comprises 

2 modifying means for modifying the header of said cella to indicate said determined processor 

3 group such that the cells can be forwarded to an appropriate processor group based on 

4 examination of cell header, wherein said appropriate processor group is configured with the 

5 processing rules related to said specific subscriber. 




96. (New) An internet service node (ISN), compriVing: 
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2 a switch fabric to receive a plurality of bit groups and to generate a plurality of packets 

3 from data contained in the plurality of bit groups; and 

4 a packet servica card to receive and process the plurality of packets in accordance with a 

5 plurality of processing rules, each of the plurality of processing rules including a classifier 

6 identifying a data flow and an action to apply a policing service policy to packets associated with 

7 the data flow identified by the classifier, the classifier including a time field to specify a time of 

8 day during which the policing service policy should be applied. 

1 97. (New) The internet service node of claim 96, wherein the policing service pohcy 

2 is a prioritization policy to prionjize available bandwidth. 



98. (New) The intemeftservice node of claim 96, wherein the policing service pohcy 
is an allocation policy to allocate available bandwidth. 

99. (New) The internet seAice node of claim 96, wherein the action included in each 
of the plurality of processing rules fiirth\r includes a security service policy. 



1 100. (New) A method comprising: 

2 specifying a service policy for a subscriber; 

3 translating the service policy into processing rules, each of the processing rules including 

4 a classifier and an action, the classifier identifyihg a data flow, and the action implementing a 

5 policing service pohcy, the classifier including a\ime field to specify a time of day during which 

6 the policing service policy should be apphed; and 

7 processing incoming data in accordance with\the processing rules. 

1 101. (New) The method of claim 100, wherein translating the service policy into 

2 processing rules comprises specifying a prioritization polity to prioritize available bandwidth as 

3 part of the policing service policy of each of the processingVules. 



102. (New) The method of claim 100, wherein translating the service policy into 
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j^^2 processing rules comprises specifying an allocation policy to allocate available bandwidth as part 
3 of the policing service policy of each of the processing rules. 
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